Full-Domain-Hash

Full- domain hash (abbreviation: FDH ) is a signature scheme in the field of cryptology. The recipient of a message can research if the message sent to it by the sender, has been altered by a third party or not.

The principle of the method is to hash a message first and then apply any Trapdoor Einwegpermutation it. The hash function is modeled as a random oracle whose image set is equal to the definition range of the Einwegpermutation. Hence it is also the name of full domain hash.

Description of the Protocol

This full- domain hash method is an asymmetric signature scheme whose public key is formed from a trapdoor Einwegpermutation and a random oracle. The associated secret key is the inverse function of the Trapdoor Einwegpermutation.

The signature of a message is calculated by the following function:

The message will then be sent along with the signature to the receiver.

The recipient receives the message together with the signature. The verification function

It checks the message. This is exactly from then true if the message has not changed.

RSA Full Domain Hash

If, as Trapdoor Einwegpermutation the RSA function with the parameters known by the RSA, then one speaks of the RSA full domain hash. The method is proven to be safe, which means it can also be an attack with free choice of plain text no existential forgery produced.

Security of the RSA full domain hash

If RSA is secure, then the RSA full domain hash method is secure random oracle model, on the basis of having

Note that the article by Jean -Sébastien Coron presupposes apparently. For large, this amounts to addition.

This means that if there is an algorithm that can create an existential forgery for the full- domain hash method with a maturity of and probability of success, while at most calculated and a maximum of signatures required, then there is an algorithm, the discrete logarithms of RSA modules with a run time calculated from and probability of success.

Relevance

The authors of full- domain hash have suggested another method, the Probabilistic Signature Scheme (PSS ), which in their view has better cryptographic properties. Therefore, FDH is practically not used, since PSS was standardized as part of PKCS # 1 v2.1.

Swell

  • Douglas R. Stinson: Cryptography. Theory and Practice. 3rd edition. Chapman & Hall / CRC, 2005, ISBN 1-58488-508-4, pages 304-307
  • Jean -Sébastien Coron: On the Exact Security of Full Domain Hash. (PDF, 103 kB) CRYPTO 2000: pages 229-235
  • Signature method
Domain of a function Digital signature
355452
de